Information you requested on Salt SHA512

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Jan 21 03:52:17 CET 2015


> On 16 Jan 2015, at 00:50, Robert Graham <robert_graham at uhaul.com> wrote:
> 
> Unicode encoding and we're hashing the salt and password in salt, then
> password order.

It's assumed the User-Password is already in UTF8. If FreeRADIUS can't
determine the current encoding there's no way to do conversions, so it's
up to the administrator to store the passwords as UTF8, and for the 
supplicant to provide the password as UTF8 plaintext.

We don't currently have an iconv wrapper module so all this has to 
happen outside of the server.

A user P-D-D just logged a pull request for SSHA2 and another things.
I've tweaked his code slightly and pulled it into the server. It's
available in v3.0.x and master if you want to test.

Use {ssha512} as the header, or copy the 'known good' password directly
into control:SSHA2-512-Password.

-Arran


> 
> Hash( salt + password );
> 
> Password
> Salt
> Hash
> 
> Hellohello1
> 8888702
> 0x20D6AB7A8B3E40F62D8DC1022D0B0FDE4388FEA53C3ECD63395BA382B2596FFCD15711EEBCC3CCC5620A1B1BCFB4B89914609985994B1E3CB30C568D5FCD0311
> 
> 
> Testtesttest1	
> 8888975	
> 0xDDF4C53D3AD71CB04A4BDD5F6B9B8586BB65723CE027EF26D0E0C121DD4A88311ECA987F5100360C2BD89675531A7AB261F283C64CC64B5DD57563A89507D5DF
> 
>        public static byte[] Hash(string salt, string password)
>        {
>            byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
>            byte[] saltedPasswordBytes;
> 
>            if (string.IsNullOrEmpty(salt))
>            {
>                saltedPasswordBytes = new byte[passwordBytes.Length];
>            }
>            else
>            {
>                byte[] saltBytes = Encoding.Unicode.GetBytes(salt);
>                saltedPasswordBytes = new byte[passwordBytes.Length +
> saltBytes.Length];
>                Array.Copy(saltBytes, 0, saltedPasswordBytes,
> passwordBytes.Length, saltBytes.Length);
>            }
> 
>            Array.Copy(passwordBytes, saltedPasswordBytes,
> passwordBytes.Length);
> 
>            using (var hashProvider = new SHA512Managed())
>            {
>                return hashProvider.ComputeHash(saltedPasswordBytes);
>            }
>        }
> 
> 
> 
> Robert Graham
> Network Engineer
> U-Haul International
> 2727 N. Central Ave
> Phoenix, AZ 85004
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2



More information about the Freeradius-Users mailing list